General Information
Your personal information
We are committed to protecting your privacy when you use our services. This privacy notice explains:
- who we are, how we use your information and who our Data Protection Officer is
- what personal information about you we process
- what are the legal grounds for processing your personal information (including when we share it with others
- what you should do if your personal information changes
- how long we retain your personal data
- what are your rights under data protection laws
Who we are
Guy’s and St Thomas’ Specialist Care is part of Guy’s and St Thomas’ NHS Foundation Trust (“we” or “us”). Our private patient services are delivered at Evelina London Children’s, Guy’s, Harefield, Royal Brompton and St Thomas’ hospitals, as well as Wimpole Street Consulting Rooms and Diagnostic Centre.
We provide specialist care for patients with a wide range of health conditions, including congenital (present at birth), inherited and acquired.
Our registration with the Information Commissioner
We are registered with the Information Commissioner’s Office to process personal and special categories of data under the
Our data protection officer
Our Data Protection Officer makes sure we respect your rights and process your personal information according to the law. If you have any concerns or questions about how we look after your personal information, please contact our Data Protection Officer by emailing IG@gstt@nhs.uk.
How do we lawfully use your data?
We may be required by law to share information about you. This includes preventing and detecting fraud, disclosure under a court order, with the police for the prevention and detection of serious crime, or where there is an overriding public interest to prevent abuse or serious harm to others.
How long will we store your information?
We keep your personal information according to the NHS records management code of practice.
Information for service users
How your personal information is used
Your clinical care team and other health and care professionals caring for you keep records about your health and any treatment and care you receive from the NHS and other related agencies. The data we hold about you includes basic information such as name, address and other contact details. We also collect sensitive confidential data (known as ‘special category personal data’). This includes your health information, and if we need this information to care for you, your religious beliefs and sexual preferences. Your health information may include:
- details about you such as your address, carer, legal representative and emergency contact details
- contacts we have had with you – appointments, clinics, in-patient stays
- details about your health, treatment and care
- relevant information from other professionals, relatives or those who care for you
How do we lawfully use your data?
We need this information to help provide you with the best possible healthcare.
We process and share information in line with the Health and Social Care Act 2015, the Data Protection Act 2018 and the GDPR (General Data Protection Regulation) article 6(1)(c), 6(1)(d), 6(1) (e), 6(1)(f) and article 9 EU GDPR (processing of special categories of personal data):
9(2)(h) – Processing is necessary for the purposes of preventative or occupational medicine, for assessing the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or management of health or social care systems and services on the basis of Union or Member State law or a contract with a health professional.
Your information is shared for health and social care purposes. Not sharing information may lead to a clinical risk, safeguarding issues or concerns about your care, and may have an impact on the care and treatment that we or our partners are able to provide. Where it supports your care, we may also share your information with education and voluntary and private sector agencies (including care homes) working with us. In most other circumstances we will seek your consent to share your information.
We may be required by law to share information about you. This includes preventing and detecting fraud, disclosure under a court order, sharing with the Care Quality Commission for inspection purposes, with the police for the prevention and detection of serious crime, or where there is an overriding public interest to prevent abuse or serious harm to others.
If we use your personal information for research purposes we will seek your consent first.
You may want to consider treatment through another provider if do not agree with the above.
What formats do we use to keep your information safe?
The records we hold about you are mostly electronic, but some may be kept on paper (especially older records). We use a combination of working practices and technology to make sure your information is kept confidential and secure.
If you give us your email address, we will use that to contact you. If you give us your mobile phone number, we may use it to send you SMS messages about your appointments. We will never disclose any special categories of your personal data in a text message.
How can you access your personal information?
You have a right under Data Protection legislation to request a copy of the information we hold about you, or to ask to see it. If you are currently receiving care from us, speak to someone in the team where your care is taking place and they will be able to help you. Otherwise please send your request to subjectaccess@gstt.nhs.uk. You will need to give us adequate information about you to verify your identity (name, address, date of birth, NHS number and what information you are requesting). We may ask you to provide documents to confirm your identity.
There is no charge for this. We will respond to you within one month.
If your personal information changes, please tell the team where you are receiving your care so we can update your records.
If you think the information we hold about you is inaccurate please state this clearly in writing to IG@gstt@nhs.uk. We can change factual information if it’s incorrect. We are not able to change clinical opinions. If you think these are wrong, please set out why you think this is and we will add it to your clinical record to make this clear.
Where you have given consent for us to process your information (such as for research purposes) you can withdraw your consent. Please put this in writing to us.
National opt-out
From 25 May 2018 you can choose to stop your confidential patient information being used for purposes other than your own care and treatment. This choice is known as a national data opt-out. If you choose to opt out, NHS Digital will apply your opt-out from 25 May 2018. All other health and social care organisations are required to apply your opt-out by 31 July 2022. Find out more about the national data opt-out.
If you have previously registered an opt-out with your GP practice to request that NHS Digital does not use your confidential patient information (other than for your individual care and treatment), this will have automatically been converted to a national data opt-out on 25 May 2018. Find out more about this conversion.
Objections and complaints
If you have any concerns about how your information is managed, you can speak to the clinical team where you are receiving your care.
Alternatively, our Patient Advice and Liaison Service (PALS) can help. They can be contacted at: pals@rbht.nhs.uk
Our Information Governance team can also listen to your concerns or give you advice about your rights in respect of the data we hold about you. You can contact them by email at IG@gstt@nhs.uk.
If you are still concerned you have the right to complain to the Information Commissioner:
Call their helpline on 0303 123 1113 (local rate – calls to this number cost the same as calls to 01 or 02 numbers). Or see the ICO website https://ico.org.uk/
Information for governors and members
How do we lawfully use your data?
We process and share your information under Article 6 1(e) of the General Data Protection Regulation (processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller).
How your personal information is used?
As a Foundation Trust we have a statutory requirement to process membership data in our capacity as a public body. We process membership data to maintain a membership, run annual elections and ensure the membership is representative of our communities. We need information about you so that we can manage and maintain the Trust membership system. Trust membership is an inherent part of the governance arrangements of a Foundation Trust and is authorised under the NHS Constitution.
Your information is securely on a database held by an external provider who has physical security controls together with accredited IT security.
We may share your information with an external provider during public consultation exercises, for you to participate in governor elections or any other related purposes. We do not sell your information and we do not use it for marketing purposes.
The information we hold about you will only be used to contact you about the Trust, membership or other related issues.
How long will we store your information?
We keep your personal information according to the NHS records management code of practice.
If you withdraw your membership, we will not retain your personal information.
You may also request that your information is removed or forgotten or that you do not give us your consent to process your personal information. This would mean you would be unable to continue as a member or governor.
What formats do we use to keep your information safe?
The records we hold about you are electronic.
How can you access your personal information?
You have a right under Data Protection legislation to request a copy of the information we hold about you, or to ask to see it. If you are a public member, speak to someone in the membership team who will be able to help you. Contact your local HR representative. Otherwise please send your request to IG@gstt@nhs.uk. You will need to give us adequate information about you to verify your identity (name, address, date of birth, and what information you are requesting). We may ask you to provide documents to confirm your identity. There is no charge for this. We will respond to you within one month.
Information for staff
By staff we mean applicants, employees, former employees, agency staff, apprentices, volunteers, trainees, secondees and contractors.
How do we lawfully use your data?
We process and share your information under Article 6 1(b) of the General Data Protection Regulation (processing is necessary for the performance of a contract), Article 6 1(a) (consent has been given for the processing of personal data) – this mostly applies to the sensitive categories of information you give us when you apply for a job as this ensures we treat you fairly and equitably. We will also seek your consent if we want to refer you to occupational health or similar external agencies.
How your personal information is used?
To carry out our activities and obligations as an employer we process your personal information where required in relation to:
- name, home address, telephone, personal email address, date of birth, national insurance number, employee identification number and marital status, and any other information necessary for our business purposes, which is voluntarily disclosed in the course of an employee’s application for and employment with us
- national insurance number
- special categories of personal data: for example, data about race, ethnic origin, religious or philosophical beliefs, trade union membership, health, and sexual orientation (collected only where required by law and used and disclosed only to fulfil legal requirements)
- absence information, e.g. annual leave, sickness absence, study leave, maternity leave, paternity leave, occupational health clearance information
- qualification and training information
- statutory and voluntary registration data
When you are no longer our employee, we may continue to share your information as described in this notice as long as this is fair and lawful.
We may be required by law to share information about you. This includes preventing and detecting fraud, disclosure under a court order, to HM Revenue and Customs, Pensions Agencies, with the police for the prevention and detection of serious crime, or where there is an overriding public interest to prevent abuse or serious harm to others.
We also share information through ESR and with our payroll provider to enable us to pay you.
How long will we store your information?
We keep your personal information according to the NHS records management code of practice.
What formats do we use to keep your information safe?
The records we hold about you centrally are mostly electronic. Records held locally by your manager may be either in electronic or paper format.
How can you access your personal information?
You have a right under Data Protection legislation to request a copy of the information we hold about you, or to ask to see it. If you are employed with us contact your local HR representative. Otherwise please send your request to IG@gstt@nhs.uk.
You will need to give us adequate information about you to verify your identity (name, address, date of birth, and what information you are requesting). We may ask you to provide documents to confirm your identity. There is no charge for this. We will respond to you within one month.
Objections and complaints
If you have any concerns about how your information is managed, you can speak to your line manager or your local HR representative.
Our Information Governance team can also listen to your concerns or give you advice about your rights in respect of the data we hold about you. You can contact them by email at IG@gstt@nhs.uk.
If you are still concerned you have the right to complain to the Information Commissioner:
Call their helpline on 0303 123 1113 (local rate – calls to this number cost the same as calls to 01 or 02 numbers). Or see the ICO website.